Grouper Permissions allow/deny
DATE and TIME: 5/26/2011 - 10:00
CONVENER: Chris Hyzer
SCRIBE: Mark Rank - UWM
# of ATTENDEES: 23+
MAIN ISSUES DISCUSSED:
--- Demo (Google permissions allow and deny)
---- https://spaces.at.internet2.edu/display/Grouper/Grouper+permissions+allow+and+deny
--- overview of current state permissions for level setting
---- roles
---- action
---- resources
--- Grouper 2.0 coming at end of summer
--- Algorithm summary on web
---- direct trumps inheritance
---- inherited deny trump inherited accept
---- remember permissions assigned to role not directly to a subject
---- review algorithm details
--- Discussion of accept vs deny (terminology)
---- Concern about terminology
---- "What are you trying to achieve?"
--- Review some examples
---- used to cut branches out of the resultant set
--- How do we manage the complexity in a UI?
---- Have a fair amount of technical needs for setup
---- strongly need defined roles
---- leverage UI's to narrow down the options
---- need simpler UI's
---- demo of simplier custom UI's
--- Is there a tool to test the result of the change?
---- UI does have some tools
--- Some basic GROUPER terminology
--- Demo (Google permissions allow and deny)
---- https://spaces.at.internet2.edu/display/Grouper/Grouper+permissions+allow+and+deny
--- overview of current state permissions for level setting
---- roles
---- action
---- resources
--- Grouper 2.0 coming at end of summer
--- Algorithm summary on web
---- direct trumps inheritance
---- inherited deny trump inherited accept
---- remember permissions assigned to role not directly to a subject
---- review algorithm details
--- Discussion of accept vs deny (terminology)
---- Concern about terminology
---- "What are you trying to achieve?"
--- Review some examples
---- used to cut branches out of the resultant set
--- How do we manage the complexity in a UI?
---- Have a fair amount of technical needs for setup
---- strongly need defined roles
---- leverage UI's to narrow down the options
---- need simpler UI's
---- demo of simplier custom UI's
--- Is there a tool to test the result of the change?
---- UI does have some tools
--- Some basic GROUPER terminology
--- Deployment mechanisms discussion
--- Concerns about DENY
---- DENY as short circuit for mechanism
---- Complicated cases will be the norm
---- Historically DENY has issues
--- Concerns about DENY
---- DENY as short circuit for mechanism
---- Complicated cases will be the norm
---- Historically DENY has issues
-
ACTIVITIES GOING FORWARD / NEXT STEPS
- Looking at agreeing on adopting one of the simpler UI's?
- Status of maturity of API's?
- What are the use cases for this?
-
If slides are used in the session, please ask presenters to convert their slides to PDF and email them to SteveO@internet2.edu
Thank you!